CVE-2015-3904

Name of the Vulnerable Software and Affected Versions Roomcloud plugin versions prior to 1.3

Description The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in the roomcloud.php file. The vulnerable parameters include pin, start day, start month, start year, end day, end month, end year, lang, adults, and children.

Recommendations For Roomcloud plugin versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the roomcloud.php file or validating and sanitizing the input for the vulnerable parameters to minimize the risk of exploitation.